Sunday, March 14, 2010

Ford Motor Rolls Out New Security Features To Prevent Car-Hacking

Automobile giant Ford Motor this year will debut vehicles with built-in WiFi -- along with enhanced security features to prevent data breaches via its new cars.

Ford has offered the so-called Sync technology service it co-developed with Microsoft in most of its Ford, Lincoln, and Mercury vehicles since 2008. The technology lets drivers run their Bluetooth-enabled mobile phones and digital media players via their vehicles and use voice commands to operate them, for instance.

The automaker announced today that the second generation of its Sync technology -- due out later this year and to include a full Windows CE operating system with a new driver interface called MyFordTouch -- will come with a built-in browser and secured WiFi access. It will first debut in the 2011 Ford Edge and 2011 MKX Lincoln, and later, in the 2012 Ford Focus.

"We really began to focus on the security side when we began launching Sync, and it was [originally] for working with phones and media players," says Jim Buczkowski, director of Ford electronics and electrical systems engineering. "Now we're extending that system connectivity to include WiFi as another data path for customers in their vehicles ... and we're extending that security model for protecting WiFi."

[...]

"Any software is first verified by Ford engineers and signed by Ford enteprise servers before it gets installed [in the vehicles]," he says.

Wadhwa says Ford also uses internal ethical hacking teams as well as third-party consultants to test out the security of the Sync features.

"They are proud that they enable WPA2 and a firewall by default on the access point, perform pairing over Bluetooth, and have some arbitrary DRM for preventing swapping hard drives of MP3s. It all sounds like pretty vanilla stuff, anything a decent home network set-up has," says Nate Lawson, principal with Root Labs.

Wadhwa says Ford isn't aware of any car-hacking incidents with its vehicles to date. "We do not want to have any incidents in the first place," he says. "We are connecting consumer-grade devices [in the vehicle], and we want to make sure out of the chute we are protected from any bad devices out there, like memory sticks or whatever they put [into the vehicle]," he says.

Wadhwa says the hardware-based firewall technology is made up of two "separate entities" so that the consumer side of the firewall that handles what can connect can't pass information to the vehicle's processor, or vice versa. "

All of Ford's vehicles in the next five years will come with the secure WiFi option, according to Ford.